00000067 is a generic error code returned when a component or sub-component has failed to install.
It is not possible to identify the cause (and therefore the resolution) directly from this error code. This error code signifies that something has gone wrong but determining the cause requires further investigation.
This article provides you with a series of troubleshooting steps which will help you to identify the specific errors and ultimately a cause of the problem.
After installing, upgrading or updating one or more components of Sophos Endpoint Security and Control you see any of the following errors:
00000067 The MSI has failed.
This error code can be shown in the console or locally on the endpoint computer.
Important: It is not possible to identify the cause (and therefore the resolution) directly from this error code. This error code signifies that something has gone wrong but determining the cause requires further investigation. There will be more information recorded in the installation logs that will allow further troubleshooting. The steps below will help you identify the specific errors and ultimately a cause of the problem.
First seen on
Sophos Endpoint Security and Control
This is a generic error code returned when a component or sub-component has failed to install.
What To Do
You can attempt to identify the problem yourself or run the Sophos Diagnostic Utility on the computer reporting the error then open a support ticket and attach the output file. To troubleshoot the issue yourself follow the steps below.
Troubleshooting the generic error 00000067
You need to check the installation logs and locate a more precise error, then search the knowledgebase for that code/error/phrase.
Where are the installation logs?
The installation logs are located in either the Windows temporary folder or the temporary folder of the user account that was used to install the software.
Note: When protecting an endpoint computer from the console some installation logs are saved under the temporary folder for the Windows account used in the Protect computers wizard.
What are the log files called?
The relevant log will depend on the failed component. For example if the Sophos Anti-Virus Component failed then you will need to look for the log titled 'Sophos Anti-Virus Install Log_yyyymmdd_hhmmss.txt'. If you are not sure which component failed then you will need to check each of the install log files. The below lists some of the common install log file names:
- Sophos Anti-Virus Install Log_yyyymmdd_hhmmss.txt
- Sophos AutoUpdate install log.txt
- Sophos RMS install log_yyyymmdd_hhmmss.txt
- Sophos Client Firewall install log.txt
- Sophos Enterprise Console.msi.log
- Sophos_Server64msi mm-dd-yyyy hh_mm_ss.log
Further information on endpoint generated log files can be found in article 43391
Details of server component logs can be found in article 116523
Local paths to the installation logs
If you have local access to the endpoint computer, or can log onto to the computer remotely the folders to check are:
- C:\WINNT\Temp\ or C:\Windows\Temp
Remote paths to the installation logs
If you are unable to log on to the computer locally or use Remote Desktop you can still access the installation logs of an endpoint by browsing through the C$ share ('C dollar share') if set up - this hidden share is normally accessible by all domain administrators. If you have a Workgroup ('peer to peer') network you may not have the share set up.
To access the local folders of an endpoint computer:
- Ensure you are logged on as a (domain) administrator account.
- Click Start | Run | Type:
\\[computername]\C$\ | Press return (where [computername] is the hostname of the endpoint computer).
- Use the paths mentioned in the section 'Local paths to the installation logs' above to locate the installation files.
How do I search for the error?
- Always ensure you check the most recent log first. Many installation logs include the date and time in the log file's name. Otherwise right-click the log, select 'Properties' and check the 'Created' and 'Modified' timestamps.
- Avoid troubleshooting an error from a log file created a long time ago - find a newer log file or re-run the installer to create a fresh log.
Searching Microsoft Installer (MSI) log files
Full MSI logs always have the line 'Product: [SophosProduct] -- Installation completed successfully.' or 'Product: [SophosProduct] -- Installation failed.' near the bottom. Examples:
MSI (s) (7C:D0) [TIME]: Product: Sophos Patch Agent -- Installation operation failed.
- MSI (c) (B4:D0) [TIME]: Product: Sophos Control Center -- Installation operation failed.
Note: Use Windows Notepad.exe or a similar text editor to open the file.
If the message shown at the bottom does not show success and the log is recent you have the correct file to troubleshoot further...
- Scroll to the top of the log file and click into the first line.
- Select Ctrl+F (or 'Edit' | 'Find...').
- Ensure the search direction is 'Down'.
- Enter into the search box the phrase:
return value 3
- Locate the first mention of the phrase and stop the search there.
That phrase will appear at the end of the 'section' that failed. Hence you then have to look at the lines just above the error and see what is recorded - maybe several lines depending on what the installer was trying to do. Some of our installers have 'custom actions' (like the Sophos Anti-Virus.msi installer) and hence checking the corresponding custom action log (the log file name will mention the phrase 'CustomActions Log') is also useful and may show the best error and/or highlight the problem.
If you find another error phrase or code you can search the knowledgebase for that error. If you do not find any information you can contact Sophos Technical Support for further advice.
Searching non-MSI log files
When checking log files that are not generated by the Microsoft Installer program it generally takes experience in reading the particular log files so you understand what to look for. Generally you can check for the first mentions of the phrases 'fail', 'failed', 'error' or ' E ' (with spaces before and after the letter).
If you cannot locate a more precise error run the Sophos Diagnostic Utility on the endpoint computer and forward to Sophos Technical Support.